Date: Fri, 29 May 2020 21:51:26 +1000
From: Herbert Xu
To: Ard Biesheuvel
Cc: Linux Crypto Mailing List, Linux ARM, Eric Biggers, Stephan Mueller
Subject: Re: [RFC/RFT PATCH 0/2] crypto: add CTS output IVs for arm64 and testmgr
Message-ID: <20200529115126.GA3573@gondor.apana.org.au>

On Fri, May 29, 2020 at 10:20:27AM +0200, Ard Biesheuvel wrote:
>
> But many implementations do not return an output IV at all. The only
> mode that requires it (for the selftests to pass) is CBC.

Most modes can be chained, e.g., CBC, PCBC, OFB, CFB and CTR. As it
stands algif_skcipher requires all algorithms to support chaining.

> For XTS, we would have to carry some metadata around that tells you
> whether the initial encryption of the IV has occurred or not. In the

You're right, XTS in its current form cannot be chained. So we do
need a way to mark that for algif_skcipher.

> CTS case, you need to swap the last two blocks of ciphertext at the
> very end.

CTS can be easily chained. You just need to always keep two blocks
from being processed until you reach the end.

Cheers,
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
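
The hold-back approach from the reply above, as an added sketch that is not code from this thread or from the kernel: a chained CBC-CTS encryptor that keeps the last two blocks unprocessed until the end, compared with a one-shot reference. `toy_encrypt_block` is a constructed, insecure stand-in for AES, all names are hypothetical, and the input is assumed to be longer than one block.

```python
import hashlib

BS = 16  # block size in bytes

def toy_encrypt_block(key, block):
    # Stand-in 128-bit block cipher (4-round Feistel over SHA-256). NOT secure.
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def cts_oneshot(key, iv, pt):
    # Reference: CBC over the zero-padded input, swap last two blocks, truncate.
    padded = pt.ljust(-(-len(pt) // BS) * BS, b"\0")
    blocks, prev = [], iv
    for i in range(0, len(padded), BS):
        prev = toy_encrypt_block(key, xor(padded[i:i + BS], prev))
        blocks.append(prev)
    d = len(pt) - (len(blocks) - 1) * BS  # length of the final block (1..16)
    return b"".join(blocks[:-2]) + blocks[-1] + blocks[-2][:d]

class CbcCtsChained:
    # Chained CTS: self.iv is the CBC chaining value carried between calls.
    def __init__(self, key, iv):
        self.key, self.iv, self.buf = key, iv, b""
    def _cbc(self, block):
        self.iv = toy_encrypt_block(self.key, xor(block, self.iv))
        return self.iv
    def update(self, data):
        self.buf += data
        out = b""
        while len(self.buf) > 2 * BS:  # always hold back the last two blocks
            out += self._cbc(self.buf[:BS])
            self.buf = self.buf[BS:]
        return out
    def final(self):
        # Assumes 17..32 bytes are buffered, i.e. total input longer than one block.
        head, tail = self.buf[:BS], self.buf[BS:]
        c_prev = self._cbc(head)
        c_last = self._cbc(tail.ljust(BS, b"\0"))
        return c_last + c_prev[:len(tail)]  # swapped, with the stolen tail cut off

def encrypt_in_chunks(key, iv, pt, chunk):
    enc = CbcCtsChained(key, iv)
    out = b"".join(enc.update(pt[i:i + chunk]) for i in range(0, len(pt), chunk))
    return out + enc.final()
```
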